Behaviour of the Ansible yum module with enablerepo and disablerepo
5,498 views
Skip to first unread message
Guillaume Belrose
Oct 15, 2015, 8:21:24 AM10/15/15
to Ansible Project
Hi all,
I am using Ansible 1.9.2 on CentOS 6.7. I am designing a system which can deploy software onto machines when those machines don't have access to the Internet. I basically have an Ansible controller node with cached RPMs and a web server. On each target node, I have defined a .repo file to instruct each node to fetch the rpms from the web server.
When I do the deployment, I am finding that the yum module does not work.
For example, executing the following task fails:
- name: install the MySQL-python package
yum: disablerepo=* enablerepo=ansible name=MySQL-python
The error message is:
TASK: [icingaweb2 | install the MySQL-python package] *************************
failed: [192.168.50.201] => {"changed": false, "failed": true, "rc": 0, "results": []}
msg: No Package matching 'MySQL-python' found available, installed or updated
FATAL: all hosts have already failed -- aborting
However if I use the yum command via an Ansible shell, the package is installed correctly:
- name: install the MySQL-python package
shell: yum -y --disablerepo=* --enablerepo=ansible install MySQL-python
I was wondering if I am not using the yum module correctly or if this is an Ansible bug.
Thanks in advance.
Guillaume.
Toshio Kuratomi
Oct 15, 2015, 5:32:52 PM10/15/15
to ansible...@googlegroups.com
with Fedora 21 and ansible-1.9.3-2 from the Fedora packages:
---
- hosts: localhost
tasks:
- yum: disablerepo=* enablerepo=updates name=python-q
$ ansible-playbook yum.yml --sudo -K *[stable-1.9] (14:28:08)
SUDO password:
PLAY [localhost] **************************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
TASK: [yum disablerepo=* enablerepo=updates name=python-q] ********************
changed: [localhost]
PLAY RECAP ********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0
[pts/19@roan /srv/ansible/stable/lib/ansible/modules]$ rpm -q python-q
*[stable-1.9] (14:28:27)
python-q-2.5-2.fc21.noarch
There were some bugs in the yum module that were fixed in 1.93 and
more that were fixed in 1.9.4. Perhaps you could try the
ansible-1.9.4 packages from the EPEL testing repository and see if the
behaviour is still the same?
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1ba9b07c1e
-Toshio
Steve Malenfant
Oct 22, 2015, 9:46:00 AM10/22/15
to Ansible Project
I've got the same problem here on both 1.9.2 and 1.9.4. You need some "unreachable" repos in your /etc/yum.repos.d configured to reproduce.
Example :
I'm using this here "yum: name={{ item }} disablerepo=* enablerepo=private* state=present" and the output is like this :
failed: [psp6cdvhst07.coxlab.net] => (item=yum-utils,libselinux-python) => {"changed": false, "failed": true, "item": "yum-utils,libselinux-python", "rc": 0, "results": []}
msg: No Package matching 'yum-utils' found available, installed or updated
Although if I use the yum CLI "# yum install yum-utils --disablerepo=* --enablerepo=private*" it works just fine.
Really does create a problem installing on servers on Private IP space which aren't connect to internet.
Steve
Steve Malenfant
Oct 22, 2015, 10:20:58 AM10/22/15
to Ansible Project
If you use disablerepo=base,updates,extras it seems to work. the Wildcard doesn't seem to work. ???
Toshio Kuratomi
Oct 27, 2015, 6:29:35 PM10/27/15
to ansible...@googlegroups.com
I still have not been able to replicate this. Taking all the things
that people have said on this list I just ran a test on a centos6
host:
$ cat /etc/redhat-release
(15:20:34)
CentOS release 6.6 (Final)
with ansible-1.9.2 from the epel repository.
[pts/0@rhel6 ~]$ rpm -q ansible
(15:21:01)
ansible-1.9.2-1.el6.noarch
[pts/0@rhel6 ~]$ ansible --version
(15:21:06)
[WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (i.e. yum update gmp).
ansible 1.9.2
configured module search path = None
I have a repository that is unreachable enabled in /etc/yum.repos.d:
[pts/0@rhel6 ~]$ cat /etc/yum.repos.d/broken.repo
(15:21:37)
[broken]
name=Broken
baseurl=http://download.fedoraproject.org/broken
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[pts/0@rhel6 ~]$ sudo yum install -y python-q
(15:22:08)
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.lax.hugeserver.com
* epel: linux.mirrors.es.net
* extras: mirrors.psychz.net
* updates: centos.mirrors.hoobly.com
http://download.fedoraproject.org/broken/repodata/repomd.xml: [Errno
14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not
Found"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for
repository: broken. Please verify its path and try again
The playbook seems to contain all the same pieces (including use of
wildcards in both disable and enablerepo):
[pts/0@rhel6 ~]$ cat yum.yml
(15:26:51)
- yum: name={{item}} disablerepo=* enablerepo=e* state=present
with_items:
- python-q
But my run succeeds:
[pts/0@rhel6 ~]$ ansible-playbook yum.yml --sudo -K -v
(15:24:48)
[WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (i.e. yum update gmp).
SUDO password:
PLAY [localhost] **************************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
TASK: [yum name=python-q state=absent] ****************************************
changed: [localhost] => {"changed": true, "msg": "", "rc": 0,
"results": ["Loaded plugins: fastestmirror\nSetting up Remove
Process\nResolving Dependencies\n--> Running transaction check\n--->
Package python-q.noarch 0:2.5-2.el6 will be erased\n--> Finished
Dependency Resolution\n\nDependencies
Resolved\n\n================================================================================\n
Package Arch Version Repository
Size\n================================================================================\nRemoving:\n
python-q noarch 2.5-2.el6 @epel
28 k\n\nTransaction
Summary\n================================================================================\nRemove
1 Package(s)\n\nInstalled size: 28 k\nDownloading
Packages:\nRunning rpm_check_debug\nRunning Transaction
Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing
: python-q-2.5-2.el6.noarch 1/1
\n\r Verifying : python-q-2.5-2.el6.noarch
1/1 \n\nRemoved:\n python-q.noarch 0:2.5-2.el6
\n\nComplete!\n"]}
TASK: [yum name={{item}} disablerepo=* enablerepo=e* state=present] ***********
changed: [localhost] => (item=python-q) => {"changed": true, "item":
"python-q", "msg": "", "rc": 0, "results": ["Loaded plugins:
fastestmirror\nSetting up Install Process\nLoading mirror speeds from
cached hostfile\n * epel: linux.mirrors.es.net\n * epel-debuginfo:
linux.mirrors.es.net\n * epel-source: linux.mirrors.es.net\n *
epel-testing: linux.mirrors.es.net\n * epel-testing-debuginfo:
linux.mirrors.es.net\n * epel-testing-source: linux.mirrors.es.net\n *
extras: mirrors.tummy.com\nResolving Dependencies\n--> Running
transaction check\n---> Package python-q.noarch 0:2.5-2.el6 will be
installed\n--> Finished Dependency Resolution\n\nDependencies
Resolved\n\n================================================================================\n
Package Arch Version Repository
Size\n================================================================================\nInstalling:\n
python-q noarch 2.5-2.el6 epel
15 k\n\nTransaction
Summary\n================================================================================\nInstall
1 Package(s)\n\nTotal download size: 15 k\nInstalled size: 28
k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction
Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing
: python-q-2.5-2.el6.noarch 1/1
\n\r Verifying : python-q-2.5-2.el6.noarch
1/1 \n\nInstalled:\n python-q.noarch 0:2.5-2.el6
\n\nComplete!\n"]}
PLAY RECAP ********************************************************************
localhost : ok=3 changed=2 unreachable=0 failed=0
If you'd care to try my playbook and see if it works, perhaps that
will help to narrow down where your problem is coming from.
-Toshio
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/75776e4b-7894-4942-9a78-e1a2823f8e62%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
that people have said on this list I just ran a test on a centos6
host:
$ cat /etc/redhat-release
(15:20:34)
CentOS release 6.6 (Final)
with ansible-1.9.2 from the epel repository.
[pts/0@rhel6 ~]$ rpm -q ansible
(15:21:01)
ansible-1.9.2-1.el6.noarch
[pts/0@rhel6 ~]$ ansible --version
(15:21:06)
[WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (i.e. yum update gmp).
ansible 1.9.2
configured module search path = None
I have a repository that is unreachable enabled in /etc/yum.repos.d:
[pts/0@rhel6 ~]$ cat /etc/yum.repos.d/broken.repo
(15:21:37)
[broken]
name=Broken
baseurl=http://download.fedoraproject.org/broken
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[pts/0@rhel6 ~]$ sudo yum install -y python-q
(15:22:08)
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.lax.hugeserver.com
* epel: linux.mirrors.es.net
* extras: mirrors.psychz.net
* updates: centos.mirrors.hoobly.com
http://download.fedoraproject.org/broken/repodata/repomd.xml: [Errno
14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not
Found"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for
repository: broken. Please verify its path and try again
The playbook seems to contain all the same pieces (including use of
wildcards in both disable and enablerepo):
[pts/0@rhel6 ~]$ cat yum.yml
(15:26:51)
---
- hosts: localhost
tasks:
- yum: name=python-q state=absent
- hosts: localhost
tasks:
- yum: name={{item}} disablerepo=* enablerepo=e* state=present
with_items:
- python-q
But my run succeeds:
[pts/0@rhel6 ~]$ ansible-playbook yum.yml --sudo -K -v
(15:24:48)
[WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (i.e. yum update gmp).
SUDO password:
PLAY [localhost] **************************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
changed: [localhost] => {"changed": true, "msg": "", "rc": 0,
"results": ["Loaded plugins: fastestmirror\nSetting up Remove
Process\nResolving Dependencies\n--> Running transaction check\n--->
Package python-q.noarch 0:2.5-2.el6 will be erased\n--> Finished
Dependency Resolution\n\nDependencies
Resolved\n\n================================================================================\n
Package Arch Version Repository
Size\n================================================================================\nRemoving:\n
python-q noarch 2.5-2.el6 @epel
28 k\n\nTransaction
Summary\n================================================================================\nRemove
1 Package(s)\n\nInstalled size: 28 k\nDownloading
Packages:\nRunning rpm_check_debug\nRunning Transaction
Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing
: python-q-2.5-2.el6.noarch 1/1
\n\r Verifying : python-q-2.5-2.el6.noarch
1/1 \n\nRemoved:\n python-q.noarch 0:2.5-2.el6
\n\nComplete!\n"]}
TASK: [yum name={{item}} disablerepo=* enablerepo=e* state=present] ***********
changed: [localhost] => (item=python-q) => {"changed": true, "item":
"python-q", "msg": "", "rc": 0, "results": ["Loaded plugins:
fastestmirror\nSetting up Install Process\nLoading mirror speeds from
cached hostfile\n * epel: linux.mirrors.es.net\n * epel-debuginfo:
linux.mirrors.es.net\n * epel-source: linux.mirrors.es.net\n *
epel-testing: linux.mirrors.es.net\n * epel-testing-debuginfo:
linux.mirrors.es.net\n * epel-testing-source: linux.mirrors.es.net\n *
extras: mirrors.tummy.com\nResolving Dependencies\n--> Running
transaction check\n---> Package python-q.noarch 0:2.5-2.el6 will be
installed\n--> Finished Dependency Resolution\n\nDependencies
Resolved\n\n================================================================================\n
Package Arch Version Repository
Size\n================================================================================\nInstalling:\n
python-q noarch 2.5-2.el6 epel
15 k\n\nTransaction
Summary\n================================================================================\nInstall
1 Package(s)\n\nTotal download size: 15 k\nInstalled size: 28
k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction
Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing
: python-q-2.5-2.el6.noarch 1/1
\n\r Verifying : python-q-2.5-2.el6.noarch
1/1 \n\nInstalled:\n python-q.noarch 0:2.5-2.el6
\n\nComplete!\n"]}
PLAY RECAP ********************************************************************
localhost : ok=3 changed=2 unreachable=0 failed=0
If you'd care to try my playbook and see if it works, perhaps that
will help to narrow down where your problem is coming from.
-Toshio
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/75776e4b-7894-4942-9a78-e1a2823f8e62%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages